There are few parallels to the breakneck speed at which Singapore has transformed itself from a rural backwater into a gleaming, urban financial hub in less than 50 years.
And there is barely time to pause for breath as we now charge ahead towards transforming ourselves yet again, this time into a Smart Nation. Ours is already a hyper-connected society, heavily plugged into a digital world, and built on a core infrastructure comprising of numerous cyber systems. The current era of automation and big data is expected to further increase Singapore society’s dependence on the digital world.
It means Singapore’s exposure to such threats will also increase, and already, we have seen evidence of this.
Four years ago, several government and other websites were defaced in a series of cyberattacks. In October last year, local telco Starhub was hit by two distributed denial of services attacks. Just about a month ago, a data breach led to the theft of the personal data of 850 national servicemen and Ministry of Defence employees.
These incidents reiterate the need for a comprehensive cybersecurity policy and cyberdefence capabilities, on a national level. They also underline how, despite our best efforts, Singapore remains vulnerable to cyberattacks – reportedly about a million daily last year – and the intensity and frequency of such attacks are expected to rise.
But with increased risks also come opportunities that should be tapped.
CONCERTED PUSH TO PROTECT SINGAPORE AGAINST CYBERATTACKS
So far, the Government has been alert to the issue of cybersecurity, and has taken a proactive approach towards protecting Singapore and its interests from such threats.
Earlier this month, amendments to the Computer Misuse and Cybersecurity Act were proposed to further deter cyberattacks and related activities. The proposed changes criminalise the use of hacked data and the act of obtaining or dealing with hacking tools. Swift amendments like these ensure the law stays abreast with evolving trends in cybercrime.
On the side of national defence, the recent announcement to set up a 2,600-strong Defence Cyber Organisation (DCO) is another proactive step. The DCO will safeguard military networks and resources under the Singapore Armed Forces, and also tackle unconventional cybersecurity challenges such as fake news and other forms of attacks.
There is also a strong focus on building cybersecurity capabilities by recruiting and training skilled individuals looking to pursue cybersecurity as a career option within the public sector. Offering cybersecurity as a National Service vocation, and on-the-job training opportunities can pull in young and capable individuals, solving the manpower crunch that exists in the industry.
These measures are timely and there exists a general consensus in their favour, but there are some other measures that have received a more mixed response. The most prominent example has been the restriction of Internet services at work for public servants.
On the path towards cybersecurity, it is seen by some as a step back. However, one must realise that cybersecurity is after all a digital battleground, and a solid defence may necessitate a temporary retreat. In light of the massive capability building underway, it is in our best interest to minimise exposure while we wait for the said capabilities to come online.
NAIVE TO OVERLOOK POTENTIAL ECONOMIC BENEFITS
Although the primary objective of this massive cybersecurity push is to safeguard Singapore against cyberattacks, it would be naïve to overlook the potential economic benefits from this campaign. Cybersecurity expenditures hit US$75 billion globally last year, and is expected to cross US$100 billion mark by 2020. Locally, the cybersecurity market is expected to generate 2,500 jobs by 2018, and reach S$900 million by 2020.
So the Singapore Government’s efforts which extend to the private sector to reinforce a larger cybersecurity strategy is a step in the right direction – in building up human capital, developing new solutions and ultimately boosting innovation in this field.
Anchoring renowned cybersecurity provider Palo Alto Networks in Singapore, whose offices opened last week at Guoco Towers, underscores the critical role of the private sector in making rapid progress in cybersecurity. Industry players, by their nature of design, can better able to adapt to growing cyber-security trends faster and in a more targeted fashion.
On the level of human capital development, the Cyber Security Associates and Technologists programme recently launched trains fresh and mid-career ICT professionals in collaboration with four industry partners looking to switch to cybersecurity.
Helping businesses, especially those who are not in the technology sector, build awareness and take action to protect themselves against such risks has been another useful and practical thrust. The launch of the Employee Cyber Security Kit by the Singapore Business Federation, which is a plug-and-play tool kit that assesses companies’ cybersecurity readiness and recommends education programmes is key to these efforts. A Cyber Risk Management project launched last April by NTU and MAS, which helps insurance firms shore up their defenses against cyberattacks also contribute in taking a sector-specific approach in building up cyber-resilience and identify potential weaknesses.
Local institutes of higher learning (IHLs) have also been roped in to accelerate Singapore’s understanding of the cyber domain. For instance, Nanyang Technological University (NTU) has set up research centres such as the Cyber Security Research Centre @ NTU. These are able to focus on and flesh out new concepts in developing a holistic approach to cybersecurity for Singapore, in areas such as security by design, cyber-threat detection and attack attribution, cyber-enabled crime and forensics.
Republic Polytechnic has also set up a cluster of five labs to tackle new cybersecurity challenges while Ngee Ann Polytechnic has introduced cybersecurity courses that help students gain a firm understanding of the field.
Indeed, cybersecurity is gaining currency as a vibrant area for research and development within IHLs. Partnerships among IHLs in the fight for cybersecurity are also helping to build needed capabilities in defending networks.
NTU Chief of Staff and Vice-President for Research Professor Lam Khin Yong who inked an agreement with Ben-Gurion University in Israel to jointly find innovative ways to tackle advanced cyber threats, said such partnerships will contribute in the research and development of innovative ways to fight Advanced Persistent Threats, which he described as “one of the most complicated problems in cybersecurity”.
“Such partnerships will leverage on the various core competencies of academia in combating this intractable problem,” he highlighted.
Partnerships between academia and the private sector to jointly develop concrete next-generation cybersecurity solutions, based on new methods that hackers use to breach computer security, are also underway.
In all these research and development efforts, often overlooked are the steps taken to capitalize on emerging cyber technologies to develop new solutions in other domains – such collaborations have developed solutions in sensing and communications in traffic enforcement, ensuring the cyber worthiness of autonomous vehicles and exploring highly inter-connected transportation methods.
Unlike traditional industries that depend on large manufacturing capabilities, natural resources or cheap labour, cybersecurity is an expertise-driven industry. This fits in perfectly with Singapore’s vision of a Smart Nation anchored on knowledge and skills. The sentiment is echoed by the industry, which has seen a number of new start-ups grow alongside the expansion of capabilities by established players.
If all goes to plan, Singapore will not just emerge as a nation that is cyber-secure but also as a leading provider of cybersecurity services globally. This is the golden opportunity that lies beneath the threat that is cybersecurity.